Network Security Monitoring and Intrusion Detection for Indian Enterprise

At

Whiz Hack Technologies

In partial fulfillment for the award of the degree of BBA(General)

Teerthanker Mahaveer Institute of Management and Technology (TMIMT)

Teerthanker Mahaveer University, Moradabad. Uttar Pradesh

Submitted By: Submitted To:

Paras Sharma Dr. Bindoo Malviya

5th Semester 3rd Year Professor

TMIMT

TMU

Under Supervision of

Mr. Anubhav Chaudhary

1
 Table of Content

S.NO ABOUT PAGE

NO
1 Title page 01
2 Declaration 03
3 Certificate 04
4 Acknowledge 05
5 Organization/Company profile 6-8
6 Objectives of Training 9-10

7 Introduction 11
8 Intern Role/Role of Department 12-16
9 Observation 17-20
10 Key learning 21

11 Conclusion 22

2
 DECLARATION
, Paras Sharma (TMG2201311), Student of BBA, 5th Semester, studying at Teerthanker Mahaveer
Institute of Management and Technology (TMIMT), Teerthanker Mahaveer University, Moradabad (UP),
hereby declare that the Internship Report on “Network Security Monitoring and Intrusion Detection for
Indian Enterprises” submitted in partial fulfillment of BBA is the innovative exertion showed thru us

The description of internship Report is not presence succumbed to any other University for award of any
other Degree, Diploma and Fellowship.

Date:7/10/2024

Place: Moradabad

Submitted By:

Paras Sharma (TMG2201311)

3
Certificate

4
 ACKNOWLEDGEMENT
I am thankful and greatly acknowledge the numerous personalities involved in leading their help to make
my internship report “Network Security Monitoring and Intrusion Detection for Indian Enterprises”. I
want to express my gratitude to my Supervisor Prof. (Dr) Bindoo Malviya, Moradabad, who helped me
from the beginning of my internship report. I was supported throughout the internship repot duration with
all the required data and related details to prepare this report.

I also take this opportunity to express my deep sense of gratitude to our Hon’ble Principal “Prof. (Dr)
Vipin Jain, TMU, for providing an excellent academics climate in the college that made this endeavor
possible.

I give my wholehearted admiration and a sense of gratitude to “HOD (Dr Manoj Agarwal),” Management
Department, TMU for his inspiration, valuable guidance, encouragement, suggestion and overall help
throughout.

I express my sincere thanks to the Internship coordinator “Dr. Gaurav Som”, TMU, for his taken interest
and invaluable help throughout the project.

Date: 7/10/24

Paras Sharma (TMG2201311).

5
 COMAPANY PROFILE
Whiz Hack is a cyber-security services and solutions provider that offers advanced threat intelligence,
vulnerability management, and cyber security training programs. The company's expertise lies in its ability
to detect and prevent cyber-attacks, with a focus on network security, threat intelligence, and vulnerability
management. Whiz Hack’s solutions are designed to help organizations stay one step ahead of emerging
threats and protect their digital assets.

Whiz Hack has 2 institutional investors including SAA Capital and Vedswasti Holdings. Vedswasti
Holdings is the largest institutional investor in Whiz Hack. The founders of Whiz Hack are Kallol
Sil, Sanjay Sengupta and Kaushik Ray. Kallol Sil has founded 1 more company - Whiz
hack. Kaushik Ray has founded 1 more company - NCR Techno solutions.

Kallol Sil is the CEO of Whiz Hack. Whiz Hack has 58 employees as of Aug 24. The total employee
count is 23.4% more than what it was in Aug 23.

Top competitors of Whiz Hack

Top competitors of Whiz Hack include Leonardo, CertiK and Silver Sky.

Whiz Hack ranks 17th among 3486 active competitors. 109 of its competitors are funded while 270 have
exited. Overall, Whiz Hack and its competitors have raised over $1.92B in funding across 203 funding
rounds involving 287 investors. There is 1 private unicorn, 25 public and 245 acquired companies in the
entire competition set.

6
 Below is a comparison of top competitors of Whiz Hack

WhizHack
Leonardo CertiK SilverSky

Vertically
integrated cyber
Producer of
security
helicopters, Online platform for Cloud security &
Descriptio solutions
aircraft, and other blockchain and smart compliance solution
n provider,
defenseand contract cybersecurity company
offering a range
security products
of services and
products,

Founded
2020 1948 2017 1997
Year

Gurugram (India New York Guildford (United

Location Roma (Italy)
) City (United States) Kingdom)

Company
Seed Acquired Series B Acquired
Stage

Unicorn
- - Unicorn -
Rating

Total
$3M $13.5M $290M $31.5M
Funding

Funding
1 3 9 2
Rounds

Series
Latest Seed, $3M, Jan PE, Undisclosed, J Series B, $60M, Apr
C, Undisclosed, Apr
Round 24, 2023 an 17, 2024 22, 2022
18, 2024

Investor
2 5 42 6
Count

Capital Goldman ITOCHU, Arrowroot

SAA
Top Group, Relay Sachs, Advent Capital
Capital, Vedswa
Investors Ventures & 3 othe International & 40 oth Management & 4 oth
sti Holdings
rs ers ers

7
 WhizHack
Leonardo CertiK SilverSky

Tracxn
Score Wh 50/100 73/100 71/100 65/100
at is this?

Overall
17th 1st 2nd 3rd
Rank

Whiz Hack is 1st of its kind vertically integrated cyber security organization that builds a completely self-
reliant digitally secure ecosystem.

Address: Premises No. 5th floor, Paras Downtown Centre, Parsvanatha Exocita, DLF Phase 5, Sector 53,
Gurugram, Haryana 122003.

8
 OBJECTIVE OF THE TRAINING

Internship training in network security monitoring tools like Snort and Suricata aims to equip individuals
with the skills and knowledge necessary to effectively identify, analyze, and respond to cyber threats. Here
are the primary objectives:

To learn threat detection and analysis

I. Identification of Common Threats: Learn to recognize common types of cyber threats, such as
malware, intrusion attempts, and denial-of-service attacks.
II. Signature-Based Detection: Understand how to use signatures to detect known threats.
III. Anomaly-Based Detection: Learn to identify abnormal network behavior that may indicate a
potential threat.
IV. Threat Intelligence Integration: Understand how to integrate threat intelligence feeds to enhance
threat detection capabilities.

To learn Incident Response

I. Incident Handling Procedures: Develop an understanding of incident response procedures,

including containment, eradication, recovery, and lessons learned.
II. Forensics and Investigation: Learn how to collect and analyze digital evidence to investigate
security incidents.
III. Coordination with Security Teams: Understand how to collaborate with other security teams,
such as incident responders and forensics experts.

To understand ethical considerations

I. Ethical Hacking and Penetration Testing: Learn how to conduct ethical hacking and penetration
testing to identify vulnerabilities in systems.
II. Compliance with Regulations: Understand relevant security regulations and standards (e.g.,
GDPR, PCI DSS) and how to ensure compliance.

By achieving these objectives, interns will gain valuable hands-on experience in network security
monitoring and be well-prepared to contribute to the protection of organizations from cyber threats.

9
 INTRODUCTION

Area Assigned: Corporate Network Security

The internship was conducted within the Corporate Network Security department of a leading Indian
enterprise. This department is responsible for safeguarding the organization's critical IT infrastructure and
protecting sensitive data from various cyber threats. As an intern, I was primarily involved in the intrusion
detection and monitoring aspects of the department's responsibilities. This included configuring and
managing IDS systems, analyzing IDS logs, and assisting in incident response efforts.

The area's primary responsibilities include:

I. Network Security Policy Enforcement: Ensuring compliance with the organization's network
security policies and standards.
II. Threat Intelligence Analysis: Monitoring and analyzing threat intelligence to identify emerging
threats and vulnerabilities.
III. Vulnerability Management: Identifying and addressing vulnerabilities in the network
infrastructure.
IV. Incident Response: Coordinating and managing incident response activities when security
breaches occur.
V. Security Awareness Training: Conducting security awareness training for employees to promote
best practices and prevent security incidents.

10
 INREN ROLE DURING INTERNSHIP

As an intern, my primary role was to configure and monitor Intrusion Detection systems (IDS) to identify
the potential:

I. IDS Deployment: Installing and configuring Snort or Suricata on network threats within the
organization. This involved the following tasks: devices or servers.
II. Rule Creation: Developing custom rules to detect specific threats or anomalies based on the
organization's security needs.
III. Alert Management: Setting up alert thresholds and notification systems to promptly respond to
potential security incidents.
IV. Log Analysis: Reviewing IDS logs to identify and investigate suspicious activities.
V. Incident Response: Assisting in the incident response process by providing information and
analysis to security teams.

These tasks provided me with valuable hands-on experience in network security and allowed me to
contribute to the department's overall security objectives.

11
 ROLE OF (THE DEPARTMENT OR THE AREA ASSIGNED) IN THE
ORGANIZATION

Corporate Network Security Department

The Corporate Network Security department plays a critical role in safeguarding the organization's IT
infrastructure and protecting sensitive data from various cyber threats. This department is responsible for:

Network Security Policy Enforcement

I. Policy Development:Developing and maintaining comprehensive network security policies and

standards.
II. Compliance Monitoring: Ensuring compliance with internal security policies and external
regulations (e.g., GDPR, PCI DSS).
III. Enforcement:Taking appropriate actions to address non-compliance issues.

Threat Intelligence Analysis

I. Threat Monitoring:Continuously monitoring the threat landscape for emerging threats and
vulnerabilities.
II. Intelligence Gathering:Collecting and analyzing threat intelligence from various sources (e.g.,
security vendors, industry reports).
III. Risk Assessment:Assessing the potential impact of threats on the organization's systems and data.

Vulnerability Management

I. Vulnerability Identification:Identifying vulnerabilities in the network infrastructure through

regular scans and assessments.
II. Patch Management: Ensuring timely application of security patches and updates.
III. Risk Mitigation:Implementing strategies to mitigate the risks associated with identified
vulnerabilities.

Incident Response

I. Incident Handling: Developing and implementing incident response plans to address security
breaches effectively.
II. Coordination: Coordinating with various teams (e.g., IT operations, legal, and human resources)
during incident response activities.
III. Post-Incident Analysis:Conducting root cause analysis to prevent similar incidents in the future.

12
Security Awareness Training

I. Program Development:Developing and delivering security awareness training programs for

employees.
II. Phishing Simulations:Conducting phishing simulations to assess employee awareness and
identify vulnerabilities.
III. Best Practices Promotion:Promoting best practices for secure computing and data handling.

Access Control Management

I. Identity and Access Management:Implementing robust identity and access management (IAM)
solutions.
II. Privileged Access Management:Managing privileged access to critical systems and data.
III. Access Reviews: Regularly reviewing and updating access privileges to ensure they
remainappropriate.

Data Protection

I. Data Classification:Classifying data based on sensitivity and value.

II. Data Loss Prevention: Implementing data loss prevention (DLP) measures to protect sensitive
data.
III. Data Backup and Recovery: Ensuring regular backups of critical data and implementing disaster
recovery plans.

Network Security Monitoring

I. Network Traffic Analysis: Monitoring network traffic for suspicious activity or anomalies.
II. Intrusion Detection: Deploying and managing intrusion detection systems (IDS) to detect and
prevent unauthorized access.
III. Security Information and Event Management (SIEM): Using SIEM tools to collect, analyze,
and correlate security events.

By effectively addressing these areas, the Corporate Network Security department plays a vital role in
protecting the organization from cyber threats and ensuring the confidentiality, integrity, and availability
of its data and systems.

13
 OBSERVATION

During the internship, I made several key observations regarding network security and intrusion detection
in Indian enterprises:

I. Growing Awareness: There is a growing awareness of network security threats and the
importance of implementing effective IDS solutions.
II. Diverse Threat Landscape: Indian enterprises face a diverse range of threats, including malware,
phishing attacks, and unauthorized access attempts.
III. Challenges in Rule Creation: Creating accurate and effective IDS rules can be challenging,
especially for detecting new and emerging threats.
IV. Limited Resources: Many organizations may have limited resources for network security,
including budget constraints and a shortage of skilled professionals.

14
1. Growing Awareness of Network Security Threats

I. Increased Attacks: There has been a significant increase in the frequency and sophistication of
cyber-attacks targeting Indian enterprises. This heightened awareness has led to a greater emphasis
on network security and the implementation of robust security measures.
II. Data Breaches: High-profile data breaches have highlighted the potential consequences of
inadequate network security, driving organizations to invest in stronger defenses.
III. Regulatory Compliance: Compliance with data protection regulations, such as the General Data
Protection Regulation (GDPR) and the Personal Data Protection Bill (PDPB), has further
motivated organizations to improve their network security practices.

2. Diverse Threat Landscape

I. Malware: Malware, including viruses, worms, and ransom ware, remains a persistent threat to
Indian enterprises. These malicious programs can compromise systems, steal data, and disrupt
operations.
II. Phishing Attacks: Phishing attacks continue to be a common tactic used by attackers to trick
individuals into revealing sensitive information or clicking on malicious links.
III. Denial of Service (DoS) Attacks: DoS attacks aim to disrupt network services by overwhelming
systems with excessive traffic. These attacks can cause significant disruptions to business
operations.
IV. Insider Threats: Insider threats, such as employees with malicious intent or compromised
credentials, pose a significant risk to organizations.
V. Advanced Persistent Threats (APTs): Advanced persistent threats (APTs) are sophisticated
attacks carried out by organized groups with long-term objectives. These attacks can be difficult
to detect and mitigate.

3. Challenges in Rule Creation

I. Evolving Threats: The constantly evolving threat landscape makes it challenging to create IDS
rules that accurately detect new and emerging threats.
II. False Positives and Negatives: Balancing the detection of legitimate threats with minimizing false
positives and negatives is a complex task.
III. Rule Complexity: Creating effective rules often requires a deep understanding of network
protocols, attack techniques, and system behavior.

4. Limited Resources

• Budget Constraints: Many organizations face budget constraints that limit their ability to invest in
advanced security solutions and skilled personnel.
• Skill Shortage: There is a shortage of qualified cyber security professionals in India, making it
difficult for organizations to find and retain skilled talent.
• Prioritization: Organizations may struggle to prioritize network security investments against other
competing demands.

15
 KEY LEARNING’S

The internship provided valuable insights into the field of network security and intrusion detection. Some
of the key learning’s include:

I. Importance of IDS: The critical role of IDS systems in protecting networks from threats.
II. Rule Creation Techniques: Effective methods for creating and managing IDS rules.
III. Alert Management Best Practices: Strategies for effectively managing and responding to IDS
alerts.
IV. Incident Response Procedures: The importance of having well-defined incident response plans.
V. Continuous Learning: The need for ongoing learning and adaptation to stay ahead of evolving
threats.

16
 CONCLUSION
The internship provided me with a valuable opportunity to gain practical experience in network security
and intrusion detection. Through hands-on experience with IDS tools and exposure to real-world security
challenges, I have developed essential skills that will be beneficial for my future career. I am confident
that the knowledge and experience acquired during this internship will contribute to my success in the
field of network security.

17